ASA Firewall

Hi All

I am trying to enable SNMP on my ASA and get the following message;

WARNING: The UDP port 161 is in use by another feature. SNMP requests to the device will fail until the snmp-server listen-port command is configured to use a different port.

What feature is using this port?
Leedham2answersAsked:

Ernie BeekExpertCommented:
Do you happen to have that port forwarded already?
A sanitized config might be handy for us to have a look at :)
0

Leedham2answersAuthor Commented:
The config on this firewall is HUGE and it will take a while for me to modify it and make it safe for viewing.

We are not port forwarding that port number. I have configured the ASA to work on a different port number and it still ain't playing ball. When I do a packet trace it fails on step 5 (ACL_DROP). We allow IP outbound for the IP address of my machine, which is the box I am testing from. It is not a version mismatch and I know the password is correct.

Here is the config for SNMP;

snmp-server host inside 192.168.11.29 community ***** version 2c
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
snmp-server enable traps ipsec start stop
snmp-server enable traps entity config-change fru-insert fru-remove
snmp-server enable traps remote-access session-threshold-exceeded
snmp-server listen-port 60111

This look good to you?
0
Ernie BeekExpertCommented:
Ok,
so the machine you're testing from is: 192.168.11.29, and you allowed port 60111 on the inside interface of the ASA.......
The packet trace looks like there is something being blocked nevertheless.
Does anything show up in the logging when trying to poll?
0
Leedham2answersAuthor Commented:
Bloody hell, you were right in your first reply. We are forwarding that port for our video conferencing systems. I have just removed that config and it started working. There must be a way around this? I tried configuring it to listen on another port and it was having none of it. Any ideas?

The points are yours :-)
0
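The cause confirmed above (an existing port forward already holding UDP 161) can be searched for in a large config without reading it by hand. The following is an added example, not part of the original posts: the function names are hypothetical, the sample config is constructed, and it only covers pre-8.3 `static` PAT lines and 8.3+ object NAT lines with `service udp` (twice NAT with service objects is not handled).

```python
import re

# ASA prints well-known ports by name in the running config.
PORT_NAMES = {"snmp": 161, "snmptrap": 162}
# Pre-8.3 static PAT: static (real,mapped) udp {ip|interface} MAPPED_PORT real_ip real_port
LEGACY = re.compile(r"^\s*static \((\S+?),(\S+?)\) udp (\S+) (\S+) \S+ (\S+)")
# 8.3+ object NAT: nat (real,mapped) static {ip|obj|interface} service udp real_port MAPPED_PORT
OBJECT = re.compile(r"^\s*nat \((\S+?),(\S+?)\) static (\S+) service udp (\S+) (\S+)")

def port_number(token):
    """Resolve an ASA port token (name or number) to an int, or None."""
    if token.isdigit():
        return int(token)
    return PORT_NAMES.get(token)

def snmp_listen_port(config):
    """Port the SNMP agent is configured to listen on (161 when not set)."""
    m = re.search(r"^\s*snmp-server listen-port (\d+)\s*$", config, re.M)
    return int(m.group(1)) if m else 161

def find_udp_forwards(config, ports):
    """Return (line_no, mapped_interface, mapped_port, line) for each static
    UDP forward whose mapped (listening) port is in `ports`."""
    hits = []
    for no, line in enumerate(config.splitlines(), 1):
        m = LEGACY.match(line)
        mapped = m.group(4) if m else None
        if not m:
            m = OBJECT.match(line)
            mapped = m.group(5) if m else None
        if m and port_number(mapped) in ports:
            hits.append((no, m.group(2), port_number(mapped), line.strip()))
    return hits

# Constructed sample, not the poster's configuration.
SAMPLE = """\
static (inside,outside) udp interface snmp 10.0.0.50 snmp netmask 255.255.255.255
static (inside,outside) tcp interface www 10.0.0.60 www netmask 255.255.255.255
object network VC-UNIT
 nat (inside,outside) static interface service udp 161 161
snmp-server listen-port 60111
"""

if __name__ == "__main__":
    # Check both the default SNMP port and any configured listen-port.
    wanted = {161, snmp_listen_port(SAMPLE)}
    for no, ifc, port, line in find_udp_forwards(SAMPLE, wanted):
        print(f"line {no}: UDP/{port} forwarded on '{ifc}': {line}")
```

Run it against a saved copy of the running config; any line it reports is a candidate for the "UDP port 161 is in use by another feature" warning.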
Ernie BeekExpertCommented:
Well, thanks :)

Let's see what else we can do. As stated before:
so the machine you're testing from is: 192.168.11.29, and you allowed port 60111 on the inside interface of the ASA.......
The packet trace looks like there is something being blocked nevertheless.
Does anything show up in the logging when trying to poll?


Just to check ;)
0
Feroz AhmedSenior System / Network EngineerCommented:
Hi,

There are 2 ports in SNMP: one is 161 and 160. Port number 161 is used for UDP packets and port number 160 is used for TCP packets. UDP is defined as a connectionless port and TCP is defined as connection-oriented in network topology. By default, port 161 is used by UDP connections, which are connectionless, and to configure SNMP on TCP connections, which are connection-oriented, you will have to enable configure SNMP.
0